Red Teams are hired to emulate the behaviours and techniques of real-life attackers, similar to a penetration test in many ways but is more targeted. The ultimate aim is to test an organisation’s security maturity as well as its ability to detect and respond to an attack and NOT to find as many vulnerabilities as possible – the red team will try to get in and access sensitive information in any way possible.
Recently, our team was tasked to evaluate the internal security of one of the biggest organization in the Philippines. For this client, 6 Days was allotted in performing various attacks, we have unravelled handful of weaknesses on our target. For example, we were successful in taking full control of the building’s security system. These includes:
- RFID / Biometric Door System
- Metal Detectors
The consultants were able to lock-down the building – this, in effect, can effectively trap the staff and visitors inside.
Social engineering was also a big part of the engagement. Several employee accounts were successfully acquired by using phishing techniques – with many more account pivoting, this resulted in full control of the client’s online social assets.
Know more about our Red Team service: https://www.nullforge.net/html/services/redteam